Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ensure 0644 perms for /etc/pam.d/system #387

Merged
merged 4 commits into from
Feb 9, 2024
Merged

ensure 0644 perms for /etc/pam.d/system #387

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
71a96fb
ensure 0644 perms for /etc/pam.d/system
cocoa-xu Jan 28, 2024
ec6957f
explicitly set file perms for create_file_for_image calls
cocoa-xu Feb 9, 2024
d072296
fix file perms
cocoa-xu Feb 9, 2024
40f4973
Remove trailing whitespace
arichardson Feb 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 14 additions & 12 deletions pycheribuild/projects/disk_image.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -306,27 +306,29 @@ def prepare_rootfs(self):
if self.include_swap_partition:
fstab_contents += "/dev/gpt/swap none swap sw 0 0\n"
fstab_contents += self.file_templates.get_fstab_template()
self.create_file_for_image("/etc/fstab", contents=fstab_contents, show_contents_non_verbose=True)
self.create_file_for_image("/etc/fstab", contents=fstab_contents,
mode=0o644, show_contents_non_verbose=True)

# enable ssh and set hostname
# TODO: use separate file in /etc/rc.conf.d/ ?
rc_conf_contents = self.file_templates.get_rc_conf_template().format(hostname=self.hostname)
self.create_file_for_image("/etc/rc.conf", contents=rc_conf_contents, show_contents_non_verbose=False)
self.create_file_for_image("/etc/rc.conf", contents=rc_conf_contents,
mode=0o644, show_contents_non_verbose=False)

cshrc_contents = self.file_templates.get_cshrc_template().format(SRCPATH=self.config.source_root,
ROOTFS_DIR=self.rootfs_dir)
self.create_file_for_image("/etc/csh.cshrc", contents=cshrc_contents)
self.create_file_for_image("/etc/csh.cshrc", contents=cshrc_contents, mode=0o644)

# Basic .bashrc/.bash_profile template
dot_bashrc_contents = self.file_templates.get_dot_bashrc_template().format(SRCPATH=self.config.source_root,
ROOTFS_DIR=self.rootfs_dir)
self.create_file_for_image("/root/.bashrc", contents=dot_bashrc_contents)
self.create_file_for_image("/usr/share/skel/dot.bashrc", contents=dot_bashrc_contents)
self.create_file_for_image("/root/.bashrc", contents=dot_bashrc_contents, mode=0o644)
self.create_file_for_image("/usr/share/skel/dot.bashrc", contents=dot_bashrc_contents, mode=0o644)
dot_bash_profile_contents = self.file_templates.get_dot_bash_profile_template().format(
SRCPATH=self.config.source_root,
ROOTFS_DIR=self.rootfs_dir)
self.create_file_for_image("/root/.bash_profile", contents=dot_bash_profile_contents)
self.create_file_for_image("/usr/share/skel/dot.bash_profile", contents=dot_bash_profile_contents)
self.create_file_for_image("/root/.bash_profile", contents=dot_bash_profile_contents, mode=0o644)
self.create_file_for_image("/usr/share/skel/dot.bash_profile", contents=dot_bash_profile_contents, mode=0o644)

# Add the mount-source/mount-rootfs/do-reroot scripts (even in the minimal image)
# TODO: should we omit this from the minimal image?
Expand Down Expand Up @@ -390,7 +392,7 @@ def path_relative_to_outputroot(xtarget) -> Path:
new_kyua_config_contents = self.read_file(kyua_config)
new_kyua_config_contents += include_local_file("files/cheribsd/kyua.conf.append")
self.create_file_for_image("/" + kyua_config_path, contents=new_kyua_config_contents,
show_contents_non_verbose=False)
mode=0o644, show_contents_non_verbose=False)

# make sure that the disk image always has the same SSH host keys
# If they don't exist the system will generate one on first boot and we have to accept them every time
Expand All @@ -406,7 +408,7 @@ def path_relative_to_outputroot(xtarget) -> Path:
new_sshd_config_contents += "\n# Allow root login with pubkey auth:\nPermitRootLogin without-password\n"
new_sshd_config_contents += "\n# Major speedup to SSH performance:\n UseDNS no\n"
self.create_file_for_image("/etc/ssh/sshd_config", contents=new_sshd_config_contents,
show_contents_non_verbose=False)
mode=0o644, show_contents_non_verbose=False)
# now try adding the right ~/.ssh/authorized_keys
authorized_keys = self.extra_files_dir / "root/.ssh/authorized_keys"
if not authorized_keys.is_file():
Expand Down Expand Up @@ -1122,13 +1124,13 @@ def add_required_libraries(self, libdirs: "list[str]", ignore_required: bool = F
def prepare_rootfs(self):
super().prepare_rootfs()
# Add the additional sysctl configs
self.create_file_for_image("/etc/pam.d/system", show_contents_non_verbose=False,
self.create_file_for_image("/etc/pam.d/system", mode=0o644, show_contents_non_verbose=False,
contents=include_local_file("files/minimal-image/pam.d/system"))
# disable coredumps (since there is almost no space on the image)
self.create_file_for_image("/etc/sysctl.conf", show_contents_non_verbose=False,
self.create_file_for_image("/etc/sysctl.conf", mode=0o644, show_contents_non_verbose=False,
contents=include_local_file("files/minimal-image/etc/sysctl.conf"))
# The actual minimal startup file:
self.create_file_for_image("/etc/rc", show_contents_non_verbose=False,
self.create_file_for_image("/etc/rc", mode=0o644, show_contents_non_verbose=False,
contents=include_local_file("files/minimal-image/etc/rc"))

def make_rootfs_image(self, rootfs_img: Path):
Expand Down
Loading